Casa Vera Lounge in Nairobi has been fined Kes 1.8 million for posting a reveler’s image on its social media pages without consent.

In a statement, the Data Commissioner the heavy penalty will ensure that going forward, social joints will seek consent before using customers’ photos.

“The establishment was fined Kes 1,850,000 for posting a reveller’s image on their social media platform without the Data Subject’s consent. This penalty seeks to ensure that other lounges, clubs seek consent from their customers prior to posting,” the statement read.

Casa Vera Lounge was among three organizations penalized for using images without consent.

Others are Mulla Pride Ltd., a digital credit provider (DCP), that operates KeCredit and Faircash mobile lending apps, which has been penalized Kes 2.98 million for sharing complainants' contact information and names with third parties where threatening messages and phone calls were sent later.

Did you read this?

  1. Trident Insurance Fined Kes 1.8M Over Non-Compliance With Data Law
  2. A School In Uthiru Penalized Kes4.6M For Posting Minors Without Consent

“This Penalty will ensure that Digital lenders and financial institutions notify data subjects when collecting and processing their data, and the intention of processing the said data,” ODPC said.

“It will further ensure that the data controllers are limited to strictly dealing with data subjects who have consented to the collection and processing of their data,” read part of the statement.

Further, Roma School, a learning institution in Uthiru, will have to pay the regulator Kes 4.6 million for posting minors’ pictures without parental consent.

“This being the first and the highest penalty to an educational facility sends a message to schools and other facilities handling minors’ personal data to obtain consent from parents/guardians prior to processing minors’ data,” it added.

Under Kenyan law, firms are required to comply with the Data Privacy Rights Act and the Data Protection Act.

Data Commissioner Immaculate Kassait urged data controllers and processors to ensure that the processing of personal data is in accordance with the provisions of the Act.

“The office has also conducted a compliance audit on WhitePath, (a digital credit provider) and an inspection on Naivas Supermarkets on recent Data Breach,” ODPC stated.